Collection notice for the Clinician Vaccine Integrated Platform (CVIP)

Find out how we manage any personal information we collect when we upload your healthcare provider and patient personal information through the Clinician Vaccine Integrated Platform for purposes of uploading to the Australian Immunisation Register.

Find out how we manage any personal information we collect when we upload your healthcare provider and patient personal information through the Clinician Vaccine Integrated Platform for purposes of uploading to the Australian Immunisation Register.

This collection notice explains how we (the Australian Government Department of Health) manage your personal information, consistent with our obligations under the Privacy Act 1988 (the Privacy Act), when uploading your healthcare provider and patient personal information through the Clinician Vaccine Integrated Platform (CVIP) for purposes of uploading to the Australian Immunisation Register (the Register).

What is CVIP?

CVIP is a tool we have developed to help your healthcare provider meet their mandatory reporting obligations under the Australian Immunisation Register Act 2015 (the Register Act). CVIP temporarily stores your personal information until it is uploaded to the Register. Once your information is uploaded to the Register your personal information is deleted from CVIP.

When you give us your personal information it is used for the following purposes:

  • to verify your identity for reporting to the Register
  • to report your vaccination to the Register, and
  • if you are a provider, to create your CVIP account. This is stored in CVIP as part of your user registration.

If you are a patient receiving the vaccine, you should have been provided with a short-form collection notice as part of the check-in process.

If you are a vaccine provider, you should have been provided with a short-form collection notice as part of the registration process.

What is the Register?

The Register is a whole of life, national immunisation register which records vaccines given to all people in Australia. The Register includes vaccines given under the National Immunisation Program, through school based programs, and privately, such as for seasonal influenza or travel. The Register may also include details of vaccines administered outside of Australia.

The Register came into existence in 2016 when the Australian Childhood Immunisation Register was expanded to become the Register. The Australian Childhood Immunisation Register began in 1996.

Patient information

Information we collect

When you receive a vaccine, the person administering the vaccine (who must be a ‘recognised vaccination provider’), or someone on their behalf, may enter personal information about you into the Register.

For COVID-19 and influenza vaccinations, the recognised vaccination provider will be required by law to report the information to the Register.

The personal information that may be put into the Register includes your name, date of birth, contact details, gender, and Indigenous status, as well as your Medicare number (if any) and healthcare identifier (if any). We may also collect information about previous immunisations administered to you that are recorded in the Register. Other information will also be included in the Register, such as details of the vaccination, and information about the person who administered the vaccine.

Information collected by your vaccination provider will only be put into the Register where it is authorised or required by the Register Act. If no record match is located in the Register, a new record will be created in the Register.

Why we collect your personal information?

We collect this information so that a recognised vaccination provider can upload information about your vaccination into the Register.

Who can access and upload your personal information through CVIP to the Register?

The Register Act and the Privacy Act govern when your personal information can be used and disclosed. Information in the Register is only accessed and transmitted through secure channels. For details of when information in the Register can be used and disclosed please see the Register privacy policy.

We disclose your personal information to Services Australia to facilitate the verification of your identity, and the upload of your vaccination information to the Register. This may include the details of your Medicare Card Number.

Only your healthcare provider can access and upload your personal information through CVIP on to the Register for a purpose permitted by the Register Act. Healthcare providers registered to use CVIP must comply with relevant laws and not publish, distribute, email, transmit or disseminate patient data. This includes the use of any automated scripting tools or software to gain access to consumer data on the CVIP app.

For information on how you can access and correct your personal information in the Register, please see the Register privacy policy.

Provider information

Information we collect

We will collect your Provider Digital Access (PRODA) login details and the associated personal information to provision you access to the CVIP as a provider.

Why we collect your personal information

When you give us your personal information, we will use to provision your access to CVIP. This includes accessing the personal information you have stored against your PRODA registration. This allows us to:

  • verify your identity
  • register you as a user in CVIP
  • link you to the clinic at which you work.

We preload clinics into CVIP, so you can select which one you are working at the time you are giving vaccinations. Please note that you will use your PRODA login details to access CVIP.

When you give us your personal information, we will:

  • store it as long as you have a CVIP account
  • delete it when you delete your CVIP account, in line with relevant legislation.

Who can access and upload your personal information through CVIP?

The Register Act and the Privacy Act govern when your personal information can be used and disclosed.

For details of when provider information in the Register can be used and disclosed please see the Register privacy policy.

How information is stored in CVIP

The protection of patient and provider personal information is something we take very seriously, and we are committed to keeping it secure. We take significant precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure.

We store personal information provided for CVIP on SalesForce. SalesForce is a cloud-based storage solution that we have contracted with to support the functioning of CVIP. CVIP will upload your vaccination details through an automated process.

Accuracy of information

Although we make every reasonable effort to maintain current and accurate information, you should be aware that there is still the possibility of inadvertent errors and technical inaccuracies.

We do not warrant that the App is error or virus-free.

Concerns and complaints

Our privacy policy explains how you can make a complaint if you think we have breached:

  • the Australian Privacy Principles
  • the Australian Government Agencies Privacy Code

The privacy policy also explains how we will manage your complaint.

More on privacy

We have taken steps to ensure that the implementation of the COVID-19 Vaccine and Treatment Strategy is compliant with the Privacy Act and any other legislation that is relevant to the rollout.

Read more about privacy matters for the COVID‑19 vaccine rollout on our website including: 

For general privacy matters, see our privacy page and our full privacy policy.

Contact details

Departmental privacy enquiries

Contact to find out more about privacy within the department, or to make a privacy enquiry or complaint

Freecall
Privacy officer
privacy [at] health.gov.au
Postal addresses: 
Department of Health
MDP 62
GPO Box 9848
Canberra ACT 2601

View contact

Last updated: 
20 March 2021

Help us improve health.gov.au

If you would like a response please use the enquiries form instead.